有部 server 中左 , port scan 其他機 , 可以點搞 ?

本帖最後由 peterchu1 於 2020-8-11 13:26 編輯

以下係 event log ( 有少量修改過的 ) , kaspersky 做過 full scan , 但又出 No threat .

有無方法可以再防止 port scan ?


========================================

Log Name:      Kaspersky Endpoint Security
Source:        avp
Date:         
Event ID:      643
ask Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      
Description:
Event type:     Malicious object detected
Application\Name:     Windows Command Processor
Application\Path:     C:\Windows\SysZEZ4\
Application\Process ID:     17343
User:     NT AUTHORITY\SYSTEM (System user)
Component:     File Threat Protection
Result\Description:     Detected
Result\Type:     Trojan
Result\Name:     HEUR:Trojan.Win32.JPotato.gen
Result\Threat level:     High
Result\Precision:     Heuristic analysis
Object:     C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\dg.exe
Object\Type:     File
Object\Path:     C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\dg64.exe
Object\Name:     jp64.exe
Reason:     Expert analysis
Database release date:     
Hash:     2effage66a1056gdf586glfsafjsalkfjaf

========================================

Log Name:      Kaspersky Endpoint Security
Source:        avp
Date:         
Event ID:      231
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      
Description:
Event type:     Active threat detected. Start Advanced Disinfection
Application\Name:     Kaspersky Endpoint Security for Windows
User:     NT AUTHORITY\SYSTEM (System user)
Component:     Protection

==================================================

Log Name:      Kaspersky Endpoint Security
Source:        avp
Date:         
Event ID:      423
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      
Description:
Event type:     Malicious object detected
Application\Name:     IIS Worker Process
Application\Path:     C:\Windows\System32\inetsrv\
Application\Process ID:     8272
User:     NT AUTHORITY\SYSTEM (System user)
Component:     File Threat Protection
Result\Description:     Detected
Result\Type:     Trojan
Result\Name:     Trojan.ASP.Agent.at
Result\Threat level:     High
Result\Precision:     Exactly
Object:     C:\inetpub\wwwroot\entrance\result01.asp
Object\Type:     File
Object\Path:     C:\inetpub\wwwroot\entrance\result01.asp
Object\Name:     result01.asp
Reason:     Automatic analysis
Database release date:

有哂 Object 路徑

TOP

話埋你知係邊個 file , 自己人手搞掂佢啦

TOP

delete 左之後 , 再掃係 No threats 的

TOP

咁明顯都仲要問?.....

TOP

回覆 1# peterchu1


    每部機自己都要fully patched, 可以的話分subnets

TOP